14,698 High & Critical Vulnerabilities since 2005 (Source: CVE Details)
14,698 High & Critical Vulnerabilities since 2005

Figure: Vulnerability Distribution by CVSS Scores (January 1, 2005 - July 1, 2010). X axis: CVSS score bucket; Y axis: # of vulnerabilities.

CVSS score    # of vulnerabilities
0-1           11
1-2           162
2-3           1,172
3-4           371
4-5           6,048
5-6           5,620
6-7           3,894
7-8           10,355
8-9           109
9-10          4,234

The three buckets at 7.0 and above (10,355 + 109 + 4,234) add up to the 14,698 high and critical vulnerabilities in the title.

Source: CVE Details http://www.cvedetails.com/cvss-score-graphics.php?fromform=1&vendor_id=&product_id=&startdate=2005-01-01&enddate=2010-07-01
Testability Gap

Figure: Testable Vulnerabilities 2005-2010. Y axis: vulnerabilities found / exploits (0 to 15,000).

                  # of exploits
Canvas            150
Core Impact       766
Metasploit        500
Vulns CVSS 7+     14,698
Testing “Defense in Depth”

Diagram: NSS Labs Live Test™ Framework. Elements shown: Attacks; Firewall & Network IPS; HIPS, AV, etc.; Windows Clients (Microsoft (Windows, IE, Office), Adobe, Mozilla, etc.); Data Center Apps (Oracle, EMC, Veritas, HP, Microsoft); Gap Analysis: Protected & Exposed Vulnerabilities.
Network Intrusion Prevention (IPS) varies widely
• IPS products have significant gaps in coverage
• Default configs not sufficient (tune)

Block rate by vendor, default policy vs. tuned policy:

           Vendor A   Vendor B   Vendor C   Vendor D   Vendor E   Vendor F   Vendor G
Tuned      89.5%      80.7%      78.4%      72.9%      62.9%      47.4%      17.3%
Default    65.3%      43.5%      34.9%      66.9%      56.3%      42.6%      17.1%

Source: Q4 2009 NIPS Test, n=1159
Host Intrusion Prevention (HIPS) varies widely
• Attackers will try multiple exploits and variants
• Quality of signatures matters

Figure: Exploit Test Results, 0%-100% per vendor (Trend Micro, McAfee, Kaspersky, Sophos, F-Secure, Symantec, ESET, AVG, Norman, Panda). Series: sum of original exploit; sum of exploit variant of the same vulnerability.

Source: Q2 2010 EPP HIPS Test, n = 123
Evasion: Every AV product can be circumvented
• Hundreds of options, thousands of combinations
• Old attacks can be made new again

Vendor   HTML Obfuscation   Payload Encoding   File Compression   Exe Compressors
A        43%                40%                80%                40%
B        100%               40%                80%                100%
C        100%               40%                80%                80%
D        100%               80%                80%                80%
E        100%               60%                60%                80%
F        43%                20%                80%                40%
G        43%                40%                60%                40%
H        57%                60%                80%                80%
I        100%               40%                60%                60%
J        100%               100%               60%                80%
What’s Needed…
• “Gloves off” security testing: if you’re not testing like the bad guys, what’s the point?
• Real-world malware & phishing tests
• Vulnerability-focused exploit testing & protection
• Stopping variants
• Properly handling evasion techniques
• Good default, recommended and tuned policies